Beruflich Dokumente
Kultur Dokumente
Abstract: The hierarchy of PE (HoPE) feature of MPLS L3VPN provides a hierarchical networking
model, which solves the coverage and scalability problems of MPLS L3VPN services.
This document describes the fundamentals of the HoPE technology and gives its typical
application scenarios.
Acronyms:
PE Provider Edge
CE Customer Edge
HoPE Hierarchy of PE
Table of Contents
1 Overview......................................................................................................................................... 3
1.1 Background.......................................................................................................................... 3
1.1.1 Drawbacks of the Flat MPLS L3VPN Model ............................................................. 3
1.1.2 Typical Network Architectures................................................................................... 4
1.2 Benefits ................................................................................................................................ 6
2 HoPE Implementation..................................................................................................................... 7
2.1 Concepts.............................................................................................................................. 7
2.2 Technology Mechanism....................................................................................................... 7
2.2.1 Fundamental Architecture of HoPE........................................................................... 7
2.2.2 SPE and UPE............................................................................................................ 8
2.2.3 Protocol Between SPE and UPE .............................................................................. 9
2.2.4 Evolution of HoPE ..................................................................................................... 9
1 Overview
1.1 Background
Because of its capability in providing network connectivity and new services, MPLS
L3VPN has become an important tool for service providers to provide value-added
services. Though it is actually a basic telecommunication service, the MPLS L3VPN
technology still faces many challenges to be addressed, including the performance
and scalability problems.
CE CE
VPN A Site 1 PE
VPN B Site 2
P
CE CE
PE PE
P P
CE MPLS backbone CE
As shown in Figure 1 , the flat MPLS L3VPN architecture comprises Provider (P)
devices, PEs and CEs.
z P devices: Backbone devices that are not directly connected to any CE. P
devices are not aware of the existence of VPNs; they only need to support the
basic MPLS forwarding capability.
z PEs: Provider edge devices. Directly connected with users’ CEs, they
implement the VPN functions.
z CEs: Customer edge devices. They are customer-side devices that are directly
connected with service provider networks. CEs only need to have the ordinary
IP forwarding capability.
Among the three categories of devices described above, only PEs are involved in
VPN services, which makes PEs shoulder the complete pressure of implementing
MPLS L3VPN services. In such a flat architecture, all PEs are equal and need to
meet the same performance requirements regardless of their positions in the network.
The main problem of the flat architecture is that if some PEs experience performance
or scalability problems, the coverage and scalability of the VPN services for the whole
network will be affected.
Nowadays, the layered network architecture is widely adopted in network design. For
example, a typical metropolitan area network (MAN) has three layers: the core layer,
the aggregation layer and the access layer. In the direction from the core layer to the
access layer, the performance requirement on devices descends, while the layer size
increases. Unfortunately, this architecture is not applicable to MPLS L3VPNs.
To provide access services for users, PEs need to have a large number of interfaces.
And to process data packets, PEs need to have a large memory capacity and
powerful forwarding capability. However, it is not practical for PEs at all layers to
possess both high performance and many interfaces at the same time.
z The core layer devices feature high performance but have a limited number of
interfaces.
z The access layer devices have large numbers of interfaces but do not provide
high performance.
z The aggregation layer devices may fail to meet the requirement for either
performance or interface numbers.
As such, scalability is always a problem for the deployment of PEs at any layer, which
prevents PEs from expanding to network edge area. The unconformity of the flat
architecture of MPLS L3VPN with the layered network architecture is the main cause
that restricts the network expansion. The key of the typical layered network
architecture is to take full advantage of each layer, such as the high performance of
upper layer devices and the access capability of lower layer devices, in order to
provide a complete VPN service and to support smooth network upgrade.
The hierarchical network architecture is the natural choice for many networks. This is
because from the perspective of geography and administration, a hierarchical
network matches the multiple levels of national, provincial/state, municipal and district.
In addition, a single network level (such as the backbone network) can cover only a
limited area due to the size limit.
A hierarchical MPLS L3VPN network may span multiple ASs, such as the national
backbone, provincial/state backbones, MANs and county-level networks. PE nodes
are required at each network to support VPN access. However, performance
requirements on PEs vary significantly for different network levels. For example, PEs
deployed on a backbone may be core routers or high-end aggregation routers, while
PEs in a MAN or county-level network may be mid-range or low-end routers.
Due to the flat topology of MPLS L3VPN, the performance requirements for PEs are
the same regardless of the different levels. With the large scale deployment of MPLS
L3VPN services, PEs at end networks will face challenges in performance and
become the bottleneck.
between ASs, instead of a hierarchical structure. So, they are suitable for the VPN
connection among different service providers, rather than for the hierarchy
requirements for networks within a service provider.
As the hierarchical network structure is an inevitable trend, how to fit the MPLS
L3VPN network architecture into a hierarchical network to improve scalability and to
implement the multi-AS hierarchical structure has become an urgent issue.
To summarize, among the defects of the current MPLS L3VPN architecture, the main
problem is the flat structure which cannot meet the requirements of layered or
hierarchical network model. From that the following issues arise:
z The service coverage is limited; the operation cost cannot be reduced; the
MPLS L3VPN service cannot be deployed in large scale and the end-to-end
high value services are restricted.
z The network is not scalable. Therefore, MPLS L3VPN services cannot be
expanded to network edge areas, which is not good for service upgrade and
investment protection.
z The flat structure cannot make full use of different network layers, and therefore
requires high-end PEs, which increase the network construction cost.
Hence, it has become imperative to optimize the MPLS L3VPN network architecture.
1.2 Benefits
To solve the scalability problem in layered and hierarchical network architectures, the
hierarchical architecture solution for MPLS L3VPN networks is designed. The
architecture is designed with the following considerations:
z Classifying PEs into multiple levels and having the PEs to implement the
functions of a traditional PE.
z Deploying PEs with higher capacity and performance at higher network levels.
z Deploying more PEs with higher access capability at lower network levels.
z Ensuring that the network architecture can support unlimited, hierarchical
expansion.
z Ensuring that the network architecture can support multi-AS connections.
The hierarchy of PE (HoPE) solution for MPLS L3VPN networks can classify PEs into
an arbitrary number of levels to achieve unlimited expansion. It distributes the PE
function among various PEs with different roles in a hierarchical structure. Devices at
higher levels should have higher routing and forwarding capabilities, while devices at
lower levels can have lower capabilities, which matches the typical hierarchical
network model.
2 HoPE Implementation
2.1 Concepts
z VPN instance: In an MPLS L3VPN network, route segregation among different
VPNs is implemented by VPN instances. A PE establishes and maintains a
separate VPN instance for each directly connected site and each VPN instance
has a separate routing table and forwarding table.
z VPN site: A VPN site is an independent IP network within a VPN and it can
belong to one or more VPNs. A VPN site is identified by its RD.
z UPE and SPE: In the HoPE architecture, PEs directly connected with CEs are
called under-layer PEs or user-end PEs (UPEs), and PEs connecting UPEs and
residing in the inner area of the network are called super-stratum PEs or service
provider-end PEs (SPEs). An SPE and the connected UPEs form a hierarchical
PE structure, which provides the same functions as a traditional PE.
CE
UPE
CE
CE
VPN B Site 3 UPE
SPE SPE
MPLS backbone CE
CE
CE VPN A Site 2
VPN B Site 1
As shown in Figure 2 , UPEs are connected with CEs on one side and are connected
with SPEs on the other side. An SPE and the connected UPEs form a hierarchical PE
structure, which provides the same functions as a traditional PE.
The main function of an SPE is to maintain and propagate VPN routes. It needs to
maintain all VPN routes, including routes of both the local and remote sites. An SPE
advertises routes with labels to UPEs. The routes advertised can be default routes (or
aggregated routes) of VPN instances, or routes permitted by routing policies. Access
control of sites within a VPN is implemented by routes permitted by routing policies.
The different functions of SPE and UPE embody the characteristics of PEs at
different levels. An SPE has a large capacity for routing entries and has a powerful
forwarding capability, but provides just a few interfaces; UPEs do not have high
routing and forwarding performance but are large in number, enabling them to
connect many users at places near to users. The HoPE technology makes full
advantage of the performance of SPE and the access capability of UPE.
Note that UPE and SPE are relative concepts. In an architecture with multiple PE
levels, a mid-level PE is an SPE to its lower level PEs, and is a UPE to its upper level
PEs.
As shown in Figure 3 , PEs are initially deployed at only the aggregation layer. When
the quantity of interfaces is not enough, some PEs are added at the access layer,
acting as UPEs, while the PEs at the aggregation layer act as SPEs. When the
routing capacity is insufficient, some other PEs are deployed at the core layer to
function as SPEs, while PEs at the aggregation layer become UPEs. When PEs are
deployed at all of the tree layers, a three-layer architecture comes into being and the
PEs at the aggregation layer become the mid-layer PEs (MPEs). Such evolution is
very suitable for a MAN.
3 Application Scenarios
3.1 HoPE Network Extension
MPLS backbone
MPLS backbone P
Backbone
Backbone P Central
SPE
city
Central County
PE UPE
city city
… …
CE CE CE CE CE CE CE CE
Traditional architecture: each CE HoPE architecture: UPEs connect local users
requires a line to PE, seriously at places as near, saving lines, supporting
limiting the coverage and scalability smooth service upgrade and multi-AS VPN,
and having unlimited scalability.
This method has native drawbacks. First, remote CEs require large quantities of wide
area network (WAN) line resources to access the central city nodes. Second, the
backbone size and the coverage and scalability of the whole network are greatly
restricted.
With HoPE, UPEs can be deployed at smaller cities and even counties to connect
local VPN users nearby. At the same time, the network coverage and scalability are
enhanced, and new services can be achieved as needed. An SPE and its UPEs may
or may not be in the same AS.
As shown in Figure 5 , the backbone and MANs are in different ASs. In this case,
SPEs can be deployed in the backbone and UPEs can be deployed in the MANs.
Each UPE sends all routes of its MAN to its SPE, while the SPE advertises to the
UPE the default routes of VPN instances or routes permitted by the routing policy. As
a result, each MAN only needs to maintain routes of its local VPN sites, and the
backbone maintains routes of all VPN sites.
Copyright ©2008 Hangzhou H3C Technologies Co., Ltd. All rights reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of